If it is your first gig in the cyber security field as a generalist, you will most probably focus on a myriad of tasks related to enterprise-wide security. Most companies are understaffed within their security departments and have to cover everything from endpoint protection (malware on your regular employee’s computer) and security awareness to incident response (various attacks) and network security. Normally companies have a 100:10:1 ratio, where 100 is the number of developers, 10 the operations staff, and 1 cyber security.
It’s quite common for a generalist to be overloaded and lost in tasks, especially if you have to respond to SIEM and IDS alerts. This comes down to a lack of proper processes, playbooks, tuning of the use cases that generate alerts, business impact analysis for task prioritization, a master inventory of assets, and also the support and cooperation of other teams in the organization. All of these are common issues security generalists face, and at times it feels as if you are constantly going against the current. At the same time, these roadblocks present opportunities for learning, streamlining processes and building relationships with cross-functional teams. This is your chance to shine!
I believe effective information security is a combination of technical expertise and, equally important, effectively educating others whose cooperation you need for a successful program. As a security generalist you are responsible not only for understanding and leveraging security tools but also for educating the rest of the company on why security matters and how they can play their part in protecting your company’s, clients’ and partners’ data.
It is fun to play with security tools such as IDS/IPS (McAfee, Cisco ASA, etc.), vulnerability scanners (Qualys, Nexpose, Nessus, etc.), Sysinternals tools (Process Explorer, Autoruns, PsTools, etc.), SIEMs (ArcSight, ELK, Splunk) and others. But it is incredibly important to the success of your organization’s security posture to have these tools well configured and automated where possible.
Being a generalist allows you to build a solid foundation and grasp of your organization’s security posture. Take in as much as possible, keep learning, share your knowledge with others, educate, and show that cyber security can be an enabler rather than a limitation for your organization.